All the vulnerabilites related to huawei - ar161fgw-l
Vulnerability from fkie_nvd
Published
2019-06-04 19:29
Modified
2024-11-21 04:44
Severity ?
Summary
There is a digital signature verification bypass vulnerability in AR1200, AR1200-S, AR150, AR160, AR200, AR2200, AR2200-S, AR3200, SRG1300, SRG2300 and SRG3300 Huawei routers. The vulnerability is due to the affected software improperly verifying digital signatures for the software image in the affected device. A local attacker with high privilege may exploit the vulnerability to bypass integrity checks for software images and install a malicious software image on the affected device.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ar1200_firmware:v200r007c00:*:*:*:*:*:*:*",
"matchCriteriaId": "F64071E5-6ACD-4E51-9162-B0FF3DC08E07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar1200_firmware:v200r008c20:*:*:*:*:*:*:*",
"matchCriteriaId": "C623D44E-463B-49A3-81F8-AD219E035B09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar1200_firmware:v200r008c50:*:*:*:*:*:*:*",
"matchCriteriaId": "75E27982-56E6-4A6F-9124-34C7420FDDE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar1200_firmware:v200r009c00:*:*:*:*:*:*:*",
"matchCriteriaId": "7EB8B580-EF85-44FE-A7A1-455CD5A7BF85",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar1200_firmware:v200r010c00:*:*:*:*:*:*:*",
"matchCriteriaId": "3202830A-D5CF-411F-B94A-167576919F38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ar1200e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B8F6BA3-E2C0-410D-A5E5-6E95545E5467",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar1220c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CC75BE34-DC7C-45F3-8F19-F703EF4D5982",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar1220ev:-:*:*:*:*:*:*:*",
"matchCriteriaId": "141A9CA7-59A5-4BA4-A7A7-C876A4426C00",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar1220evw:-:*:*:*:*:*:*:*",
"matchCriteriaId": "14DAC925-7F20-45B9-B753-B7F0EEE3C7F1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ar1200-s_firmware:v200r007c00:*:*:*:*:*:*:*",
"matchCriteriaId": "D125153E-FE39-49A7-95AA-9482C78E7114",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar1200-s_firmware:v200r008c20:*:*:*:*:*:*:*",
"matchCriteriaId": "8A0C5EF2-05D5-4DE5-AFA3-5394E51B33E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar1200-s_firmware:v200r008c50:*:*:*:*:*:*:*",
"matchCriteriaId": "DF226F5B-7BF8-4475-8C0C-91E2E43C6E53",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar1200-s_firmware:v200r009c00:*:*:*:*:*:*:*",
"matchCriteriaId": "3FE54D66-BE3A-492D-B381-4E63880D8088",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar1200-s_firmware:v200r010c00:*:*:*:*:*:*:*",
"matchCriteriaId": "D6BF5574-175F-4438-A1D1-0EAA8280388B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ar1220f-s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1B043BAD-75CD-4D7B-BA3C-118519B64A39",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ar150_firmware:v200r007c00:*:*:*:*:*:*:*",
"matchCriteriaId": "455D7A4E-523E-40C8-958D-59D128F3E797",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar150_firmware:v200r008c20:*:*:*:*:*:*:*",
"matchCriteriaId": "6B64AE02-D345-4628-A086-7C63C255707C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar150_firmware:v200r008c50:*:*:*:*:*:*:*",
"matchCriteriaId": "25AB058D-C4EB-416F-ACD3-B6ACC2BD83AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar150_firmware:v200r009c00:*:*:*:*:*:*:*",
"matchCriteriaId": "411499D2-DD34-4131-8310-0CCC351D28F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar150_firmware:v200r010c00:*:*:*:*:*:*:*",
"matchCriteriaId": "A87F4819-180D-488B-B8D8-C10B5076F9AB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ar158evw:-:*:*:*:*:*:*:*",
"matchCriteriaId": "37D521BD-2D68-494F-ADF3-CA836A9860FE",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ar160_firmware:v200r007c00:*:*:*:*:*:*:*",
"matchCriteriaId": "5B15E8B7-9F4B-45F1-B4FF-B32AF8CEA9FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar160_firmware:v200r008c20:*:*:*:*:*:*:*",
"matchCriteriaId": "A685289C-08B1-43D4-9970-84A7FC75E54B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar160_firmware:v200r008c50:*:*:*:*:*:*:*",
"matchCriteriaId": "2D609298-9ACE-4726-AD04-6765D8F2C374",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar160_firmware:v200r009c00:*:*:*:*:*:*:*",
"matchCriteriaId": "A07BC16A-C102-4B21-BF61-C7AE1452BA3E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar160_firmware:v200r010c00:*:*:*:*:*:*:*",
"matchCriteriaId": "75124BF8-A5FC-46BB-83CF-0C2B7CF92F1B",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ar161:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A206CEBA-27BF-4F73-9E16-DEC0B305BB9C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar161ew:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1ABF308C-9C4F-4C1E-ADD6-969CDF656BE9",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar161f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "EE33C6C9-87F8-42DC-89B1-7C3F5CDFE32E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar161f-dgp:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B19316A6-DDB7-4181-9373-30DDF532E203",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar161fg-l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "4917007C-227B-4F1D-AA58-76487A00DF87",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar161fgw-l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "AB72AFF6-A296-497D-83D4-5C700FE9D635",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar161fv-1p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "D3AD4730-5311-4477-8E10-421BE84912F6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar161fw:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2E39599B-F0F7-4BB8-9E02-91D470995EF5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar161g-l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99F89646-40DE-499F-9588-4FC7C13D1CCD",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar161w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E7EF0D65-C352-495A-8DD5-78AC66E8480C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar168f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E0124D47-B343-45AD-A06F-9A186A499F84",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar168f-4p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "663A08C1-0F99-4050-A6DA-0081827283C6",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar169:-:*:*:*:*:*:*:*",
"matchCriteriaId": "2B2734E4-B511-4C70-9B5F-8DA0A9963E26",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar169egw-l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "DCACD162-8331-47CF-9F77-F71221565AFA",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar169ew:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CAAA155B-34BF-4F75-924D-FAB6601FCD46",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar169f:-:*:*:*:*:*:*:*",
"matchCriteriaId": "58721B8C-8A6F-4889-B3D1-6433AB485E40",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar169fgw-l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CA425686-6C6C-4ADB-AC8A-D7FE924E340E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar169fvw:-:*:*:*:*:*:*:*",
"matchCriteriaId": "81601B04-7FC6-4776-9EBC-3C825DA1B7F7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar169fvw-8s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1772765A-EE39-4AC0-A6BA-B79AC5D93A8A",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar169g-l:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B739B694-237A-4AF2-8A0E-63F902DFB656",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar169jfvw-2s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "99BD1519-AF5F-460F-90D6-4FF9CB7CD9EB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar169w:-:*:*:*:*:*:*:*",
"matchCriteriaId": "70E1AE34-BEDD-437A-B1F0-606AF4409893",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ar200_firmware:v200r007c00:*:*:*:*:*:*:*",
"matchCriteriaId": "622686BB-9302-449F-9351-75B189D1B184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar200_firmware:v200r008c20:*:*:*:*:*:*:*",
"matchCriteriaId": "344D64D1-A9B3-4BFA-ACF3-B421ED427A9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar200_firmware:v200r008c50:*:*:*:*:*:*:*",
"matchCriteriaId": "A1ED9DF8-A444-4684-932D-12B4B2F98736",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar200_firmware:v200r009c00:*:*:*:*:*:*:*",
"matchCriteriaId": "C06FB07B-D74B-42A8-9CE7-CD3FC7217F11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar200_firmware:v200r010c00:*:*:*:*:*:*:*",
"matchCriteriaId": "0924BB8D-A8A8-4F0F-9CE7-198B399E0685",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ar201:-:*:*:*:*:*:*:*",
"matchCriteriaId": "CF8E24FB-1DD4-4DD8-8221-129C30C65E45",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ar2200_firmware:v200r007c00:*:*:*:*:*:*:*",
"matchCriteriaId": "F377CE1E-77A7-447F-B692-A54682A26BB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar2200_firmware:v200r008c20:*:*:*:*:*:*:*",
"matchCriteriaId": "E6A7DDB3-4A2B-46A5-B952-F0FECF88373E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar2200_firmware:v200r008c50:*:*:*:*:*:*:*",
"matchCriteriaId": "64CC27CC-EE60-46DE-91CE-6C83AF1F7B3A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar2200_firmware:v200r009c00:*:*:*:*:*:*:*",
"matchCriteriaId": "5658BAA0-3FCC-4DCB-BDD1-42D00263B29D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar2200_firmware:v200r010c00:*:*:*:*:*:*:*",
"matchCriteriaId": "158BF3D7-0195-4E73-A8A9-4536216C3CD0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ar2204-27ge:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E1CACBBC-327A-40A6-9DD1-49335B296238",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar2204-27ge-p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9079BB36-E42F-49D6-94D2-D9650A4C3E5C",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar2204-51ge-p:-:*:*:*:*:*:*:*",
"matchCriteriaId": "E128F1C9-577C-4F4A-B98B-AB268F703DB2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar2204e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A614397B-C24D-4D69-B84A-05FBBC6AFC23",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar2204xe:-:*:*:*:*:*:*:*",
"matchCriteriaId": "67725998-BDD7-4624-8A9F-6CC594293B14",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar2220e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "7CC3FEDF-D877-400A-AE16-7EA1C82E042E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar2240:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8BD5CAC3-80C9-484D-B715-55FEC0543554",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:huawei:ar2240c:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C570769A-B882-4AB9-A6AC-381020A6BCA1",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ar2200s_firmware:v200r007c00:*:*:*:*:*:*:*",
"matchCriteriaId": "86D6EF09-27A6-493B-BDC6-D6C3AA7DB825",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar2200s_firmware:v200r008c20:*:*:*:*:*:*:*",
"matchCriteriaId": "59E43441-15B2-4EE0-AB87-6004BA6DD6C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar2200s_firmware:v200r008c50:*:*:*:*:*:*:*",
"matchCriteriaId": "078ED368-3950-49D1-BC31-523B83165EF8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar2200s_firmware:v200r009c00:*:*:*:*:*:*:*",
"matchCriteriaId": "A2639415-69D4-44E5-BDB5-28B3E09117A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar2200s_firmware:v200r010c00:*:*:*:*:*:*:*",
"matchCriteriaId": "0F7032EF-10C2-4E24-96F7-DEC39F7A1363",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ar2200s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C6BC03A9-BBAE-4712-AC58-0338EB572EBA",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:ar3200_firmware:v200r007c00:*:*:*:*:*:*:*",
"matchCriteriaId": "9752658E-3CF5-4D9E-98FB-D15FD892479C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar3200_firmware:v200r008c20:*:*:*:*:*:*:*",
"matchCriteriaId": "A8D0F6C6-5A87-482B-8B2A-693AC7736CB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar3200_firmware:v200r008c50:*:*:*:*:*:*:*",
"matchCriteriaId": "4FD70804-3A07-4C82-806B-5F5CA075ABF1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar3200_firmware:v200r009c00:*:*:*:*:*:*:*",
"matchCriteriaId": "73E5EE31-3D31-4C59-B2C1-B0BCF3294D9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:ar3200_firmware:v200r010c00:*:*:*:*:*:*:*",
"matchCriteriaId": "2A5BCC5C-CDFB-4B52-8E2D-E85BEC28FD2A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:ar3260:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C3898C07-F3A3-4C40-95EE-C2F524C5EB31",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:srg1300_firmware:v200r007c00:*:*:*:*:*:*:*",
"matchCriteriaId": "B319F31F-94D7-468F-8F71-96F40867AEA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:srg1300_firmware:v200r008c50:*:*:*:*:*:*:*",
"matchCriteriaId": "D578E607-CF83-4121-8AF9-EF1DBE5FE42F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:srg1300_firmware:v200r009c00:*:*:*:*:*:*:*",
"matchCriteriaId": "65DEB87D-8F28-4AC6-9ADC-E13146011102",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:srg1300_firmware:v200r010c00:*:*:*:*:*:*:*",
"matchCriteriaId": "B68CB9B0-C32C-4EC5-81D0-ED23DB6D8EC9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:srg1320vw:-:*:*:*:*:*:*:*",
"matchCriteriaId": "B98B6177-EFAF-493E-B02B-AE6095A1452F",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:srg2300_firmware:v200r007c00:*:*:*:*:*:*:*",
"matchCriteriaId": "D10EBBF2-8F03-472C-96DB-C72E426E4E38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:srg2300_firmware:v200r008c50:*:*:*:*:*:*:*",
"matchCriteriaId": "D672376C-4256-4CFB-A515-56E31A6706AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:srg2300_firmware:v200r009c00:*:*:*:*:*:*:*",
"matchCriteriaId": "E8486420-C7CA-4296-A9B8-E4DDC1A23530",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:srg2300_firmware:v200r010c00:*:*:*:*:*:*:*",
"matchCriteriaId": "5EB2C78B-0736-4AA2-A283-AD4441D7EBEA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:srg2320e:-:*:*:*:*:*:*:*",
"matchCriteriaId": "93EAE9D3-6A9E-4E4F-9550-79EB303A5A83",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:huawei:srg3300_firmware:v200r007c00:*:*:*:*:*:*:*",
"matchCriteriaId": "4619CF2C-AB5D-475A-ACF6-61EE02306F7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:srg3300_firmware:v200r008c50:*:*:*:*:*:*:*",
"matchCriteriaId": "43BAC724-4E88-4E3B-9F95-8086D68CADA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:srg3300_firmware:v200r009c00:*:*:*:*:*:*:*",
"matchCriteriaId": "10511D02-503D-43AD-8306-FA1E9A52B8C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:huawei:srg3300_firmware:v200r010c00:*:*:*:*:*:*:*",
"matchCriteriaId": "A05A3FA6-0B32-40A2-BCCE-4395B3DCB2DB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:huawei:srg3340:-:*:*:*:*:*:*:*",
"matchCriteriaId": "0CA1C39E-E679-4EF4-8BF4-D1B46DD614E9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a digital signature verification bypass vulnerability in AR1200, AR1200-S, AR150, AR160, AR200, AR2200, AR2200-S, AR3200, SRG1300, SRG2300 and SRG3300 Huawei routers. The vulnerability is due to the affected software improperly verifying digital signatures for the software image in the affected device. A local attacker with high privilege may exploit the vulnerability to bypass integrity checks for software images and install a malicious software image on the affected device."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de omisi\u00f3n de verificaci\u00f3n de firma digital en los routers Huawei AR1200, AR1200-S, AR150, AR160, AR20000, AR2200-S, AR3200, SRG1300, SRG2300 y SRG3300. La vulnerabilidad se debe a que el software afectado verifica incorrectamente las firmas digitales de la imagen del software en el dispositivo afectado. Un atacante local con alto privilegio puede aprovechar la vulnerabilidad para omitir las comprobaciones de integridad de las im\u00e1genes de software e instalar una imagen de software malintencionado en el dispositivo afectado."
}
],
"id": "CVE-2019-5300",
"lastModified": "2024-11-21T04:44:42.073",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 0.8,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-04T19:29:00.633",
"references": [
{
"source": "psirt@huawei.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190320-01-ar-en"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190320-01-ar-en"
}
],
"sourceIdentifier": "psirt@huawei.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-347"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2019-5300
Vulnerability from cvelistv5
Published
2019-06-04 18:30
Modified
2024-08-04 19:54
Severity ?
EPSS score ?
Summary
There is a digital signature verification bypass vulnerability in AR1200, AR1200-S, AR150, AR160, AR200, AR2200, AR2200-S, AR3200, SRG1300, SRG2300 and SRG3300 Huawei routers. The vulnerability is due to the affected software improperly verifying digital signatures for the software image in the affected device. A local attacker with high privilege may exploit the vulnerability to bypass integrity checks for software images and install a malicious software image on the affected device.
References
| ▼ | URL | Tags |
|---|---|---|
| https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190320-01-ar-en | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ▼ | Huawei | AR1200, AR1200-S, AR150, AR160, AR200, AR2200, AR2200-S, AR3200, SRG1300, SRG2300, SRG3300 |
Version: AR1200 V200R008C50 Version: AR1200 V200R009C00 Version: AR1200 V200R010C00 Version: AR1200-S V200R007C00 Version: AR1200-S V200R008C20 Version: AR1200-S V200R008C50 Version: AR1200-S V200R009C00 Version: AR1200-S V200R010C00 Version: AR150 V200R007C00 Version: AR150 V200R008C20 Version: AR150 V200R008C50 Version: AR150 V200R009C00 Version: AR150 V200R010C00 Version: AR160 V200R007C00 Version: AR160 V200R008C20 Version: AR160 V200R008C50 Version: AR160 V200R009C00 |
|
|
|||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T19:54:52.437Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190320-01-ar-en"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "AR1200, AR1200-S, AR150, AR160, AR200, AR2200, AR2200-S, AR3200, SRG1300, SRG2300, SRG3300",
"vendor": "Huawei",
"versions": [
{
"status": "affected",
"version": "AR1200 V200R008C50"
},
{
"status": "affected",
"version": "AR1200 V200R009C00"
},
{
"status": "affected",
"version": "AR1200 V200R010C00"
},
{
"status": "affected",
"version": "AR1200-S V200R007C00"
},
{
"status": "affected",
"version": "AR1200-S V200R008C20"
},
{
"status": "affected",
"version": "AR1200-S V200R008C50"
},
{
"status": "affected",
"version": "AR1200-S V200R009C00"
},
{
"status": "affected",
"version": "AR1200-S V200R010C00"
},
{
"status": "affected",
"version": "AR150 V200R007C00"
},
{
"status": "affected",
"version": "AR150 V200R008C20"
},
{
"status": "affected",
"version": "AR150 V200R008C50"
},
{
"status": "affected",
"version": "AR150 V200R009C00"
},
{
"status": "affected",
"version": "AR150 V200R010C00"
},
{
"status": "affected",
"version": "AR160 V200R007C00"
},
{
"status": "affected",
"version": "AR160 V200R008C20"
},
{
"status": "affected",
"version": "AR160 V200R008C50"
},
{
"status": "affected",
"version": "AR160 V200R009C00"
}
]
}
],
"datePublic": "2019-03-20T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "There is a digital signature verification bypass vulnerability in AR1200, AR1200-S, AR150, AR160, AR200, AR2200, AR2200-S, AR3200, SRG1300, SRG2300 and SRG3300 Huawei routers. The vulnerability is due to the affected software improperly verifying digital signatures for the software image in the affected device. A local attacker with high privilege may exploit the vulnerability to bypass integrity checks for software images and install a malicious software image on the affected device."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "digital signature verification bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-06-04T18:30:58",
"orgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"shortName": "huawei"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190320-01-ar-en"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "psirt@huawei.com",
"ID": "CVE-2019-5300",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "AR1200, AR1200-S, AR150, AR160, AR200, AR2200, AR2200-S, AR3200, SRG1300, SRG2300, SRG3300",
"version": {
"version_data": [
{
"version_value": "AR1200 V200R008C50"
},
{
"version_value": "AR1200 V200R009C00"
},
{
"version_value": "AR1200 V200R010C00"
},
{
"version_value": "AR1200-S V200R007C00"
},
{
"version_value": "AR1200-S V200R008C20"
},
{
"version_value": "AR1200-S V200R008C50"
},
{
"version_value": "AR1200-S V200R009C00"
},
{
"version_value": "AR1200-S V200R010C00"
},
{
"version_value": "AR150 V200R007C00"
},
{
"version_value": "AR150 V200R008C20"
},
{
"version_value": "AR150 V200R008C50"
},
{
"version_value": "AR150 V200R009C00"
},
{
"version_value": "AR150 V200R010C00"
},
{
"version_value": "AR160 V200R007C00"
},
{
"version_value": "AR160 V200R008C20"
},
{
"version_value": "AR160 V200R008C50"
},
{
"version_value": "AR160 V200R009C00"
}
]
}
}
]
},
"vendor_name": "Huawei"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "There is a digital signature verification bypass vulnerability in AR1200, AR1200-S, AR150, AR160, AR200, AR2200, AR2200-S, AR3200, SRG1300, SRG2300 and SRG3300 Huawei routers. The vulnerability is due to the affected software improperly verifying digital signatures for the software image in the affected device. A local attacker with high privilege may exploit the vulnerability to bypass integrity checks for software images and install a malicious software image on the affected device."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "digital signature verification bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190320-01-ar-en",
"refsource": "CONFIRM",
"url": "https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20190320-01-ar-en"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "25ac1063-e409-4190-8079-24548c77ea2e",
"assignerShortName": "huawei",
"cveId": "CVE-2019-5300",
"datePublished": "2019-06-04T18:30:58",
"dateReserved": "2019-01-04T00:00:00",
"dateUpdated": "2024-08-04T19:54:52.437Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}